Neroma, also known as Icebut, is a mass-mailing worm that spreads via the addresses it cullsout of the address books in infected computers. The subject line reads: It's near 9/11. Butthe message reads: Nice butt baby. It also sports an executable attachment.
Security analysts at both Sophos, Inc. and Central Command, Inc. say Neroma has causedlittle trouble so far. The worm, though, has caused concern because of its reference to Sep.11.
''I guess the reason why Neroma was initially released as an advisory was to start advisingpeople to be prepared for the Sep. 11 based viruses,'' says Steven Sundermeier, vicepresident of products and services at Central Command, an anti-virus company based inMedina, Ohio. ''Since the Sep. 11 attacks, it has been one of the most highly targeted virusdates. It's an enticing, easily targeted date. When I say date, I mean on or about oraround.''https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i As analysts wait to see if the Sep. 11 anniversary draws fire from the virus and hackercommunities, they're also waiting to see what the next move is from the author of thedestructive Sobig virus family.
The last Sobig variant, Sobig-F, wreaked havoc on businesses around the world last month.It's now considered the fastest-spreading virus in the industry's industry, as well as oneof the most costly viruses on record. Mi2g, a digital risk assessment company based inLondon, reports that Sobig-F caused $29.7 billion worth of economic damages. Thanks largelyto that, August has gone down in the books as the worst month in history for digitalattacks. Last month, viruses, along with overt and covert hacker attacks, caused $32.8billion in economic damages.
What is worrying security experts now is that Sobig-F is about to hit its own deadline. Asof Sep. 10, the virus will stop spreading itself across the Internet. And historically, oneSobig variant has always followed another, each new variant building on the base of infectedcomputers and building on the damage caused by the last one.
That leaves the security industry wondering when the next Sobig variant will arrive and whatkind of damage it will wreak.
''We wouldn't be surprised if it came out in the near future,'' says Chris Belthoff, asecurity analyst with Sophos, an anti-virus company based in Lynfield, Mass. ''Our postureis: Hope for the best. Expect the worst.''